Patching Linux Servers not connected to internet

I didn’t want to open internet access for a bunch of Linux servers, so I wanted one, and only one, of them to act as a cache and be the single place the rest get their updates from. I thought of Squid, and it worked smoothly…

Squid Proxy Server

Installing Squid

I chose an internet-connected Ubuntu Server 20.04 machine, used only by IT staff, and installed the Squid proxy there:

sudo apt update
sudo apt install squid

Checking that Squid was alive (it listens on TCP/3128 by default; run the check with `sudo` so the process column actually shows `squid`, and note that netstat comes from net-tools, which a default 20.04 install does not ship, whereas `ss` is always there and takes the same flags):

sudo netstat -plunt | grep 3128

Testing Squid

Configuring Squid port

Made a backup copy of the configuration file, just in case:

sudo cp /etc/squid/squid.conf{,.ori}

By default, Squid listens on port 3128 on all network interfaces (the `http_port` directive); I preferred to change it to 8080.

Access from remote hosts on the local network also has to be explicit: only specific, allowed hosts get through.

sudo nano /etc/squid/squid.conf

Setting up Squid port

Allowing connections only from specific Linux hosts

Better to keep intruders out, so I created a new file with the intended IP addresses:

sudo nano /etc/squid/allowed_hosts.txt

It contains only the allowed hosts, one address per line:

host1
host2
...

Then I created a new ACL in squid.conf to allow access for those hosts only. Keep in mind that a source-address ACL on its own lets the listed hosts reach any destination through the proxy; if they only need the Ubuntu mirrors, a second ACL on the destination domains closes that off.

Restricting connections: the ACL (an `acl ... src` line pointing at the file) is followed by an `http_access allow` rule for it. That rule has to sit above the final `http_access deny all`, because Squid applies the first `http_access` line that matches; placed below it, every request is denied.

And restarted Squid:

sudo systemctl restart squid

Finally, if a corporate firewall sits between the clients and the proxy, it must allow TCP/8080 from the allowed hosts to the proxy; nothing else needs to reach that port. The same restriction belongs on the proxy host's own firewall.
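The squid.conf content behind the screenshots above, as an added example that is not the post's own code. It is a script written for this page: it generates the proxy configuration for the steps described (port, allow-list ACL, syntax check, host firewall, restart), validates the allow-list before Squid is restarted, and includes a client-side check. It goes beyond the post by also restricting destinations. Assumptions not stated in the post: the proxy listens on 192.0.2.10:8080, the allow-list at /etc/squid/allowed_hosts.txt holds one IPv4 address or CIDR per line, and the clients only need Ubuntu's mirrors (the `.ubuntu.com` and `.canonical.com` domains are assumptions; match them to your sources.list).

```shell
#!/bin/sh
# Added example (not from the original post): produce the Squid configuration
# the steps above describe, check it, and open the host firewall for the
# listed clients only. Assumptions not stated in the post: the proxy listens
# on 192.0.2.10:8080, clients are listed one IPv4 address or CIDR per line
# (optional # comments) in /etc/squid/allowed_hosts.txt, and the clients only
# need Ubuntu's mirrors.
set -eu

SQUID_CONF=/etc/squid/squid.conf
HOSTS_FILE=/etc/squid/allowed_hosts.txt
LISTEN=192.0.2.10:8080   # assumed; a bare "8080" would bind every interface

# Print the allow-list with comments, blank lines and whitespace stripped.
list_allowed_hosts() {
    sed -e 's/#.*//' -e 's/[[:space:]]//g' -e '/^$/d' "$1"
}

# Reject anything that is not an IPv4 address or CIDR, any /0 entry, and an
# empty list, so a typo cannot widen the ACL before Squid is restarted.
validate_allowed_hosts() {
    count=0
    for entry in $(list_allowed_hosts "$1"); do
        if ! printf '%s\n' "$entry" |
             grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}(/([0-9]|[12][0-9]|3[0-2]))?$'; then
            echo "allowed_hosts: rejecting entry '$entry'" >&2
            return 1
        fi
        case "$entry" in
            */0) echo "allowed_hosts: refusing to allow every address" >&2; return 1 ;;
        esac
        count=$((count + 1))
    done
    [ "$count" -gt 0 ]
}

# Emit a complete, minimal squid.conf. Squid stops at the first matching
# http_access rule, so the allow line must precede "deny all". Pairing the
# source ACL with a dstdomain ACL keeps the proxy from becoming a general
# internet gateway for the patch clients (a src-only ACL would allow that).
render_squid_conf() {
    listen="$1"; hosts_file="$2"
    cat <<EOF
http_port ${listen}

acl allowed_hosts src "${hosts_file}"
acl apt_mirrors dstdomain .ubuntu.com .canonical.com
acl Safe_ports port 80 443
acl SSL_ports port 443
acl CONNECT method CONNECT

http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow allowed_hosts apt_mirrors
http_access deny all

# Keep fetched .deb files on disk so each package crosses the internet link once.
# maximum_object_size must be set before the cache_dir it applies to.
maximum_object_size 512 MB
cache_dir ufs /var/spool/squid 10000 16 256
coredump_dir /var/spool/squid
EOF
}

# Apply on the proxy host (as root): keep a copy of the original config once,
# write the new one, refuse to restart on a syntax error, allow TCP/port from
# the listed clients only, then restart.
apply_squid_setup() {
    listen="$1"; hosts_file="$2"; conf="$3"
    validate_allowed_hosts "$hosts_file"
    [ -e "$conf.ori" ] || cp "$conf" "$conf.ori"
    render_squid_conf "$listen" "$hosts_file" > "$conf"
    squid -k parse -f "$conf"
    port="${listen##*:}"
    for client in $(list_allowed_hosts "$hosts_file"); do
        ufw allow proto tcp from "$client" to any port "$port"
    done
    systemctl restart squid
}

# Run from a client: 200 means the proxy accepted the request and served the
# mirror; a host missing from the allow-list gets 403 from Squid instead.
check_from_client() {
    curl -sS -o /dev/null -w '%{http_code}\n' -x "http://$1" \
        http://archive.ubuntu.com/ubuntu/dists/focal/Release
}

case "${1:-}" in
    apply) apply_squid_setup "$LISTEN" "$HOSTS_FILE" "$SQUID_CONF" ;;
    check) check_from_client "$LISTEN" ;;
    *)     ;;   # no verb: only define the functions (safe to source)
esac
```

Run `sudo sh squid-apt-proxy.sh apply` on the proxy and `sh squid-apt-proxy.sh check` from a client, expecting 200 (a host not in the list gets 403). Ubuntu's squid.service runs `squid -z` before starting, which creates the on-disk cache structure for a new cache_dir; if your unit does not, run it once by hand.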


Clients

On each client (also Ubuntu Server 20.04) I did the following:

sudo nano /etc/apt/apt.conf.d/05proxy

Added the following lines:

Acquire {
  HTTP::proxy "http://[IP_ADDRESS_SQUID]:8080";
  // Also http://, not https://: apt talks to the proxy itself over plain HTTP
  // and tunnels https:// repositories through it with CONNECT. An https://
  // proxy URL makes apt attempt TLS to Squid's plain http_port and fail;
  // this goes unnoticed only while every mirror in sources.list is http://.
  HTTPS::proxy "http://[IP_ADDRESS_SQUID]:8080";
}

From this moment on, I was able to run apt update and apt upgrade and receive updates from the internet. (`apt-config dump | grep -i proxy` shows whether apt picked the setting up.)

Eloy Salamanca